package com.kinghood.authoritycenter.common.config;

import com.kinghood.authoritycenter.common.properties.BaseProperties;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.CollectionUtils;
import org.springframework.web.filter.CorsFilter;

import java.util.List;

/**
 * description
 *
 * @author zhangFanJun
 * @date 2023-12-04 16:28
 **/
@RequiredArgsConstructor
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;
    private final JwtAuthenticationEntryPoint authenticationErrorHandler;
    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
    private final BaseProperties baseProperties;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {

        httpSecurity
                .csrf()
                .disable()
                .exceptionHandling()
                .accessDeniedHandler(jwtAccessDeniedHandler)
                .authenticationEntryPoint(authenticationErrorHandler)
                .and()
                .headers()
                .frameOptions()
                .sameOrigin()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/register").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/user/**").permitAll()
                .antMatchers("/sysDirection/getDirectionByCodeList").permitAll()
                .antMatchers("/auth/getUser").permitAll()
                .antMatchers("/auth/getUserMono").permitAll()
                .antMatchers("/auth/checkToken").permitAll()
                .antMatchers("/auth/openToken").permitAll()
                .antMatchers("/thirdPart/obs/getSign").permitAll()
                .antMatchers("/secret/delete/**").permitAll()
                .antMatchers("/sysLog/addLog").permitAll();

        List<String> ignoreUriList = baseProperties.getIgnoreUriList();
        if (!CollectionUtils.isEmpty(ignoreUriList)) {
            httpSecurity.authorizeRequests().antMatchers(ignoreUriList.toArray(new String[ignoreUriList.size()])).permitAll();
        }

        httpSecurity.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .apply(securityConfigurerAdapter());

    }

    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }

}
